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CLAIMS 

^TT^A data processing system for executing at least one program to which 
access by a user is controlled by the provision of credentials assigned to said user, 
said system including: 

- at least one terminal including data processing means for executing at 
least part of said program, 

- first memory means associated with said program for storing at least first 
credentials specific to said user, and 

- access control means for authorizing access to said program in response 
to a match between said first credentials stored in said first memory means and 
second credentials applied via said terminal to said program, 

-at least one security device personal to said user, associated with said 
terminal and including second memory means for secure storage of said second 
credentials, 

-said terminal including at least some of credentials management means 
(CMP) including: 

• means for reading and transmitting credentials to read said second 
credentials stored in said second memory means and transmit them to 
said access control means in response to presentation of a request to 
access said program, and 

• credentials updating means for selectively commanding the generation 
and loading into said first and second memory means of new 
credentials replacing said first and second credentials previously 
stored. 

2. A system according to claim 1, wherein said access control means 
authorize access to said program in response to identity of said first and second 
credentials. 

3. A system according to claim 1, wherein said second memory means 
store a first identification code of said user, said terminal includes interface means 
for applying a second identification code to said personal security device and said 
personal security device comprises identification code validation means, access to 
said personal security device being authorized by said validation means in response 
to identity of said first and second identification codes. 
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4. A system according to claim 1 , wherein said credentials updating means 
comprises generating means to generate said new credentials automatically and to 
transmit them directly to said first and second memory means without communicating 
said new credentials to said user. 
5 5. A system according to claim 1, wherein said credentials management 

means are software means forming part of said program. 

6. A system according to claim 5, wherein said credentials updating means 
comprises generating means to generate and load said new credentials into said first 
and second memory means consecutively upon authorization of access by said 

10 access control means. 

7. A system according to claim 6, wherein said credentials management means 
include dating means for dating and loading into at least one of said memory means the 
date at which said credentials are generated and inhibitor means for authorizing 
generation of said new credentials by said updating means only after a particular time 

15 has elapsed since the generation of said credentials stored in said memory means. 

8. A system according to claims 1, wherein said credentials management 
means are software means independent of said program. 

9. A system according to claim 3, wherein said credentials management 
means are software means independent of said program and said credentials 

20 updating means comprises generating means to generate and load said new 
credentials into said first and second memory means consecutively upon validation of 
said identification code by said validation means. 

10. A system according to either claim 9, wherein said credentials 
management means include dating means for dating and loading into at least one of 

25 said memory means the date at which said credentials are generated and inhibitor 
means for authorizing generation of said new credentials by said updating means 
only after a particular time has elapsed since the generation of said credentials 
stored in said memory means. 

11. A system according to claim 1, wherein said program is stored and 
30 executed wholly within said terminal for local execution of said application. 

12. A system according to claim 1, wherein said system includes at least 
one server and transmission means for transmitting data between said terminal and 
said server, said program is stored and executed partly in said terminal and partly in 
said server, and said first memory means are associated with said server. 



